4 matches found

RedhatCVE
added 2025/05/23 12:52 a.m. · 6 views

CVE-2022-1323

The Discy WordPress theme before 5.0 lacks authorization checks when processing AJAX requests to the discyupdateoptions action, allowing any logged-in user, with privileges as low as Subscriber, to change theme options by sending a crafted POST request...

CVSS 6.5 · AI score 6.7 · EPSS 0.00319
Exploits: 2 · References: 1
Positive Technologies
added 2022/08/08 12:0 a.m. · 4 views

PT-2022-13797 · WordPress · Discy

Name of the Vulnerable Software and Affected Versions: Discy WordPress theme versions prior to 5.0

Description: The issue allows any logged-in users, with privileges as low as Subscriber, to change theme options by sending a crafted POST request to the "discy update options" action due to a lack ...

CVSS 6.5 · AI score 6.4 · EPSS 0.00319
Exploits: 2 · References: 5
ATTACKERKB
added 2022/06/08 10:15 a.m. · 3 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

CVSS 4.3 · AI score 5.5 · EPSS 0.07615
Exploits: 2 · References: 2
CNNVD
added 2022/06/08 12:0 a.m. · 3 views

WordPress theme Discy cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress theme Discy plugin versions prior to 5.2 contain a cross-site request forgery vulnerability that...

CVSS 4.3 · AI score 5.7 · EPSS 0.07615
Exploits: 2 · References: 2